CVE-2025-60012
- EPSS 0.08%
- Veröffentlicht 13.03.2026 15:23:07
- Zuletzt bearbeitet 19.03.2026 17:46:30
Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spar...
CVE-2025-66249
- EPSS 0.07%
- Veröffentlicht 13.03.2026 15:21:53
- Zuletzt bearbeitet 19.03.2026 12:28:24
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settin...
CVE-2021-26544
- EPSS 2.4%
- Veröffentlicht 20.02.2021 09:15:12
- Zuletzt bearbeitet 21.11.2024 05:56:27
Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is ...